Thursday, July 25, 2013

First search engines to offer TLS 1.1 and 1.2 as well as "Perfect Forward Secrecy"

NEW YORK & AMSTERDAM - In the wake of the US PRISM Internet surveillance scandal,
companies are revisiting how they do business online and beefing up
their privacy practices to protect their users.

Private search
engines StartPage and Ixquick have pioneered a new
advance in encryption security this week, becoming the first search
engines in the world to enable "Perfect Forward Secrecy" or PFS in
combination with a more secure version
of SSL encryption known as TLS 1.1 and 1.2, which works
by setting up a secure "tunnel" through which users' search traffic
cannot be intercepted.

This is the latest in a series
of security firsts by StartPage and Ixquick, which pioneered the
field of private search in 2006. Combined, StartPage/Ixquick is the
largest private search engine, serving well over 4
million searches daily.

Harvard-trained privacy expert Dr.
Katherine Albrecht, who helped develop StartPage, says, "We take
encryption very seriously, and we've always led the way when it
comes to security. We were first to adopt default SSL
encryption in 2011, and now we're setting the standard
for encryption in the post-PRISM world."

SSL encryption has
been proven to be an effective tool for protecting sensitive online
traffic from eavesdropping and surveillance. However, security
researchers now worry that SSL encryption may not provide adequate
protection if government agencies are scooping up large amounts of
encrypted traffic and storing it for later decryption.

With
SSL alone, if a target website's "private key" can be obtained
once in the future - perhaps through court order, social
engineering, attack against the website, or cryptanalysis - that
same key can then be used to unlock all other historical
traffic of the affected website. For larger Internet services, that
could expose the private data of millions of
people.

StartPage and Ixquick have now deployed a defense against
this known as "Perfect Forward Secrecy," or PFS.

PFS
uses a different "per-session" key for each data transfer, so
even if a site's private SSL key is compromised, data that was
previously transmitted is still safe. Those who want to decrypt
large quantities of data sent using PFS face the daunting task
of individually decrypting each separate file, as opposed to
obtaining a single key to unlock them all.

This can be
likened to replacing the master "skeleton key" that unlocks every
room in a building with a tight security system that puts a
new lock on each door and then creates a unique key for each
lock.
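Whether a server actually provides this property depends on which cipher suites it enables: only suites with an ephemeral Diffie-Hellman key exchange (DHE/ECDHE) give each session its own key, while plain RSA key transport ties every session to the site's private key. The following is an added example, not code from StartPage or Ixquick, that audits a list of enabled suites by name; the sample list is constructed, and the classification assumes standard OpenSSL or IANA suite naming.

```python
import re
import ssl

# Suites whose key exchange is ephemeral Diffie-Hellman (OpenSSL or IANA naming).
_EPHEMERAL = re.compile(r"^(TLS_)?(ECDHE|DHE|EDH)[-_]")
# TLS 1.3 suite names carry no key-exchange part; a full TLS 1.3 handshake
# always uses ephemeral (EC)DHE.
_TLS13 = re.compile(r"^TLS_(AES|CHACHA20)_[A-Z0-9_]+$")

# Constructed sample of a server's enabled suites (not taken from the page).
SAMPLE_SUITES = [
    "ECDHE-RSA-AES128-GCM-SHA256",              # ephemeral ECDH, RSA only signs
    "DHE-RSA-AES256-SHA",                       # ephemeral DH
    "AES128-SHA",                               # RSA key transport
    "TLS_RSA_WITH_AES_128_CBC_SHA",             # same suite, IANA name
    "ECDH-RSA-AES128-SHA",                      # static ECDH, key is long-lived
    "TLS_AES_128_GCM_SHA256",                   # TLS 1.3
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",  # IANA name, ephemeral ECDH
]


def is_forward_secret(suite):
    """True if the suite derives session keys from an ephemeral key exchange."""
    name = suite.strip().upper()
    if _TLS13.match(name):
        return True
    return bool(_EPHEMERAL.match(name))


def audit(suites):
    """Split suite names into (forward_secret, static_key) lists, keeping order."""
    fs = [s for s in suites if is_forward_secret(s)]
    static = [s for s in suites if not is_forward_secret(s)]
    return fs, static


def local_enabled_suites(cipher_string="DEFAULT"):
    """Suite names the local OpenSSL build enables for a server context."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers()]


if __name__ == "__main__":
    for label, suites in (("sample", SAMPLE_SUITES), ("local", local_enabled_suites())):
        fs, static = audit(suites)
        print(f"{label}: {len(fs)} forward-secret, {len(static)} static-key")
        for s in static:
            print(f"  recorded traffic at risk if the private key leaks: {s}")
```

Any suite reported in the static-key list is one where recorded traffic can be decrypted later by whoever obtains the server's private key.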

In addition to its pioneering use of PFS, earlier this
month StartPage and Ixquick deployed Transport Layer Security,
or TLS, encryption versions TLS 1.1 and 1.2 on all of their
servers. TLS is an upgraded form of SSL encryption, which
sets up a secure "tunnel" that protects users' search
information.

CEO Robert Beens urges
other companies to upgrade to these new technologies.
"With Perfect Forward Secrecy and TLS 1.1 and
1.2 combined, we are once again leading the privacy industry
forward. For the sake of their users' privacy, we strongly
recommend other search engines follow our
lead."